fix(decopilot): destructive tools require user approval and new model allow all

[guitavano]

Summary

• Tools annotated with destructiveHint: true now always require user approval, regardless of the ToolApprovalLevel setting (auto or readonly)
• Previously destructiveHint was only used for UI badges and analytics — the approval gate only checked readOnlyHint
• Passthrough MCP tools now forward annotations.destructiveHint to toolNeedsApproval

Test plan

• Added 6 new tests covering destructive approval behavior
• All 55 existing tests still pass
• Verify in the UI that a destructive MCP tool triggers the approval prompt even with auto approval level

🤖 Generated with Claude Code

---

Summary by cubic

Destructive MCP tools with destructiveHint: true now require approval on auto and readonly. A new trust-all level skips all approval prompts, including destructive tools. Passthrough tools now forward annotations.destructiveHint to toolNeedsApproval.

• New Features
  • Added trust-all ToolApprovalLevel; toolNeedsApproval auto-approves everything on trust-all.
  • Updated chat selector and Profile Preferences to include trust-all with clear labels; preferences validation accepts trust-all.
  • Added tests for trust-all and destructive approval; plan mode still hard-blocks non-read-only tools.

^{Written for commit ed93659. Summary will update on new commits.}

[github-actions]

🧪 Benchmark

Should we run the Virtual MCP strategy benchmark for this PR?

React with 👍 to run the benchmark.

Reaction	Action
👍	Run quick benchmark (10 & 128 tools)

Benchmark will run on the next push after you react.

[github-actions]

Release Options

Suggested: Patch (2.297.6) — based on fix: prefix

React with an emoji to override the release type:

Reaction	Type	Next Version
👍	Prerelease	2.297.6-alpha.1
🎉	Patch	2.297.6
❤️	Minor	2.298.0
🚀	Major	3.0.0

Current version: 2.297.5

Note: If multiple reactions exist, the smallest bump wins. If no reactions, the suggested bump is used (default: patch).

[viktormarinho]

🧐🥴